Skynet Skynet v8 - Router Firewall & Security Enhancements

[dave14305]

I have the almost same set up as John and see the same issues. I think there is a race condition with mounting the usb device. In the firewall.sh line 130 there is a check to see if the string $skynetloc is empty (-z). Is this check correct? If the string is empty then we do not want to use it within the if statement. Also the wait loop for the usb is not executed.

Thanks in Advance.

Change the -z to -n and see if it improves things.

 

[happyaslarry]

I changed it to [ ! -z $skynetloc ] and the firewall survives many reboots. There is still an issue with the lock file (/tmp/skynet.lock) being incorrectly detected but the firewall debug info extended show all green. I would place it in the "not seen to fail" category at the moment. Hopefully this helps someone with more knowledge of the code.

 

[Kingp1n]

Just installed latest Skynet & running without issues! I do use default list/settings and I don't block any countries.

@Adamm we appreciate the continued support!!!

Update:

For whatever reason (I do have one of those HND 5.04 router) my logs weren't generating so I had to run these 2 commands for it to work:

Post in thread 'No data to display in Skynet Statistics' https://www.snbforums.com/threads/no-data-to-display-in-skynet-statistics.78976/post-763912

 

[Ubimo]

I can consistently reproduce my issue by following these steps:

1. Switch to the custom filter list: https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/filter.list
2. After some random time (max. 1 hour), all of my devices (PCs, laptops, and smartphones) lose their connection to the router.

Although the SSID is still visible, the router no longer assigns an IP address.
I also don’t receive an IP address when connecting directly to the router via an Ethernet cable.
Everything works fine when using the default filter list.
I don't see anything unusual in syslog.

 

[XxUnkn0wnxX]

Adamm has a GT- BE98. I'm assuming he's on 3006 code base.
So I'm wondering if this is 3004 code base related?

I wonder this too as I'm 3004.388.10_2, stuck with my GT-AX11000...

 

[Davidncali001]

I wonder this too as I'm 3004.388.10_2, stuck with my GT-AX11000...

Happening to me as well and I'm on: RT-AX86U Pro - Asuswrt-Merlin 3006.102.6 Beta

 

[CaptainSTX]

After updating to Skynet 8.02, I encountered the following error:

IPTables Rules | [Failed]

A few minutes later, this followed:

IPSets | [Failed]

After some troubleshooting, I traced the issue to my long country blocking list:

 Banned Countries; cn ru sc ua ee ls gr ba bg hr cz ge hu kg lv lt mc kp ro sk vn uz lk br ar cl co pa py uy iq ir jm

It seems the update may have introduced a change in how large IP sets are handled.
Solution:

1. I manually removed the country block list.
2. Reloaded Skynet.
3. Then, I re-added the countries gradually, starting with just a few to confirm stability.
4. Once confirmed, I reloaded the full list.

Since then, everything has been stable and working as expected.

I currently have no problems on my AX88Pro with defaults only, however previously when running my AX86 and a list of 26 banned countries my throughput was noticeably reduced. Removed the country bans and went with default lists and throughput issue eliminated. Is it possible that one of the reasons that posters with long lists of bans either countries or other lists have routers that just don't have the processing to handle the necessary checks?

 

[happyaslarry]

Regarding the Lock messages from my last message they are always owned by the running process. These messages are therefore misleading. I have placed a check if [ $locked_pid -ne $$ ]; then ... fi around the messages in Load_Menu and the debug/info code. Once again if someone could review and comment.

With these additional changes the firewall appears to be running. I am on the Firmware Version 388.10_2 for all those wondering about 3004 vs 3006.

Thanks in Advance.